Laine Stump [Fri, 20 Sep 2019 22:15:19 +0000 (18:15 -0400)]
conf: refresh network ports missing from network driver on restart
Before the refactoring that properly separated the network driver from
the hypervisor driver and forced all interaction to go through public
APIs, all network usage counters were zeroed when the network driver
was initialized, and the network driver's now-deprecated
"semi-private" API networkNotifyActualDevice() was called for every
interface of every domain as each hypervisor "reconnected" its domains
during a libvirtd restart, and this would refresh the usage count for
each network.
Post-driver-split, during libvirtd restart/reconnection of the running
domains, the function virDomainNetNotifyActualDevice() is called by
each hypervisor driver for every interface of every domain restart,
and this function has code to re-register interfaces, but it only
calls into the network driver to re-register those ports that don't
already have a valid portid (ie. one that is not simply all 0),
assuming that those with valid portids are already known (and counted)
by the network driver.
commit 7ab9bdd47 recently modified the network driver so that, in most
cases, it properly resyncs each network's connection count during
libvirtd (or maybe virtnetworkd) restart by iterating through the
network's port list. This doesn't account for the case where a network
is destroyed and restarted while there are running domains that have
active ports on the network. In that case, the entire port list and
connection count for that network is lost, and now even a restart of
libvirtd/virtnetworkd/virtqemud, which in the past would resync the
connection count, doesn't help (the network driver thinks there are no
active ports, while the hypervisor driver knows about all the active
ports, but mistakenly believes that the network driver also knows).
The solution to this is to not just bypass valid portids during the
call to virDomainNetworkNotifyActualDevice(). Instead, we query the
network driver about the portid that was preserved in the domain
status, and if it is not registered, we register it.
(NB: while it would technically be correct to just generate a new
portid for these cases, it makes for less churn in portids (and thus
may make troubleshooting simpler) if we make the small fix to
virDomainNetDefActualToNetworkPort() that preserves existing valid
portids rather than unconditionally generating a new one.)
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
driver.c: change URI validation to handle QEMU and vbox case
The existing QEMU and vbox URI path validation consider
that a privileged user can use both a "/system" and a
"/session" URI. This differs from all the other drivers
that forbids the root user to use "/session" URI.
Let's update virConnectValidateURIPath() to handle these
cases as exceptions, using the already existent 'entityName'
value to handle "QEMU" and "vbox" differently. This allows
us to use the validateURI function in these cases without
changing the existing behavior of other drivers.
Laine Stump [Wed, 25 Sep 2019 16:42:51 +0000 (12:42 -0400)]
conf: utility function to update entry in def->nets array
A virDomainNetDef object in a domain's nets array might contain a
virDomainHostdevDef, and when this is the case, the domain's hostdevs
array will also have a pointer to this embedded hostdev (this is done
so that internal functions that need to perform some operation on all
hostdevs won't leave out the type='hostdev' network interfaces).
When a network device was updated with virDomainUpdateDeviceFlags(),
we were replacing the entry in the nets array (and free'ing the
original) but forgetting about the pointer in the hostdevs array
(which would then point to the now-free'd hostdev contained in the old
net object.) This often resulted in a libvirtd crash.
The solution is to add a function, virDomainNetUpdate(), called by
qemuDomainUpdateDeviceConfig(), that updates the hostdevs array
appropriately along with the nets array.
Michal Privoznik [Thu, 26 Sep 2019 14:17:49 +0000 (16:17 +0200)]
domain_conf: Unref video private data in virDomainVideoDefClear()
The private data for video definition is created in
virDomainVideoDefNew() and we attempt to free it in
virDomainVideoDefFree(). This seems to work, except
the free function calls clear function which zeroes
out the whole structure and thus virObjectUnref()
which is called on private data does nothing.
2,568 bytes in 107 blocks are definitely lost in loss record 207 of 213
at 0x4A35476: calloc (vg_replace_malloc.c:752)
by 0x50A6048: virAllocVar (viralloc.c:346)
by 0x513CC5A: virObjectNew (virobject.c:243)
by 0x4DC1DEE: qemuDomainVideoPrivateNew (qemu_domain.c:1337)
by 0x51A6BD6: virDomainVideoDefNew (domain_conf.c:2831)
by 0x51B9F06: virDomainVideoDefParseXML (domain_conf.c:15541)
by 0x51CB761: virDomainDefParseXML (domain_conf.c:21158)
by 0x51C5973: virDomainDefParseNode (domain_conf.c:21708)
by 0x51C583A: virDomainDefParse (domain_conf.c:21663)
by 0x51C58AE: virDomainDefParseFile (domain_conf.c:21688)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Peter Krempa [Thu, 19 Sep 2019 08:36:28 +0000 (10:36 +0200)]
qemu: Use virTypedParamList in the bulk stats gathering functions
The bulk stats functions are specific as they pass around the list into
many sub-functions and also a substantial amount of the entries uses
formatted names for indexing purposes. This makes them ideal to be
converted to the new virTypedParamList helpers.
Unfortunately given how the functions are used this requires a big-bang
rewrite of all of the calls to add entries to the parameter list.
Given that a substantial simplification is achieved as well as a pretty
significant change to the original code is required some macros which
were used only sporadically were replaced by inline calls rather than
tweaking the macros first and deleting them later.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 15 Aug 2019 09:32:28 +0000 (11:32 +0200)]
qemu: monitor: Change fields in qemuBlockStats to 'unsigned'
None of the fields actually return negative values. The internal
implementation of BlockAcctStats struct in qemu uses uint64_t and the
last place using -1 in libvirt was in the HMP monitor code which was
deleted.
Change the internal type to unsigned long long and ensure that all
public conversions don't overflow.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Thu, 19 Sep 2019 07:20:49 +0000 (09:20 +0200)]
util: typedparam: Simplify handling of lists of typed parameters
Introduce a new set of helpers including a new data structure which
simplifies keeping and construction of lists of typed parameters.
The use of VIR_RESIZE_N in the virTypedParamsAdd API has performance
benefits but requires passing around 3 arguments. Use of them lead to a
set of macros with embedded jumps used in the qemu statistics code.
This patch introduces 'virTypedParamList' type which aggregates the
necessary list-keeping variables and also a new set of functions to add
new typed parameters to a list.
These new helpers use printf-like format string and arguments to format
the argument name as the stats code often uses indexed typed parameters.
The accessor function then allows extracting the typed parameter list in
the same format as virTypedParamsAdd* functions would do.
One additional benefit is also that the list function can easily be used
with VIR_AUTOPTR.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 14 Aug 2019 12:52:46 +0000 (14:52 +0200)]
util: typedparam: Optionally copy strings passed to virTypedParameterAssignValue
Some code paths already pass in pointers to strings which should be
added directly as the value of the typed parameter. To allow more
universal use of virTypedParameterAssignValue add a flag which allows to
copy the value in place.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Tue, 17 Sep 2019 17:21:14 +0000 (19:21 +0200)]
util: typedparam: Split out public APIs into a separate file
Some of the typed parameter APIs are exported publicly, but the
implementation was intermixed with private functions. Introduce
virtypedparam-public.c, move all public API functions there and purge
the comments stating that some functions are public.
This will decrease the likelihood of messing up the expectations as well
as it will become more clear which of them are actually public.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Michal Privoznik [Mon, 16 Sep 2019 10:28:48 +0000 (12:28 +0200)]
qemu_blockjob: Remove secdriver metadata for whole backing chain on job completion
Turns out, block mirror is not the only job a disk can have. It
can also do commits of one layer into the other. Or possibly some
other tricks too. Problem is that while we set seclabels on given
layers of backing chain when the job is starting (via
qemuDomainStorageSourceAccessAllow()) we don't restore them when
job finishes. This leaves XATTRs set and corresponding images
unusable.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> ACKed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Wed, 25 Sep 2019 07:54:49 +0000 (09:54 +0200)]
domain_conf: Fix str2enum translation of video driver name
In bc1e924cf0d we've introduced video driver name and whilst
doing so we've utilized VIR_ENUM_IMPL() macro. Then, in domain
XML parsing code the generated
virDomainVideoBackendTypeFromString() is called and its return
value is assigned directly to an unsigned int variable which is
wrong. Also, the video driver enum has 'default' value which is
not formatted into domain XML but is accepted during parsing.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Tue, 24 Sep 2019 12:39:21 +0000 (14:39 +0200)]
qemu: snapshot: Don't forbid snapshot if autodestroy is registered
Semantically VIR_DOMAIN_START_AUTODESTROY doesn't really clash with
snapshot operations as the VM stays on the same host and thus bound to
the same connection. Saving the state also doesn't differ from modifying
the state of the VM which is allowed.
Remove the check as it doesn't make much sense.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Tue, 24 Sep 2019 12:59:04 +0000 (14:59 +0200)]
qemu: migration: Forbid only remote migration if autodestroy is active for VM
Semantically we can't guarantee that we'll be able to destroy the VM on
the remote host, thus we can't allow remote migration. All other forms
of migration (e.g. saving to file) are okay though as they don't clash
with semantics of the flag.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa [Tue, 24 Sep 2019 12:55:15 +0000 (14:55 +0200)]
lib: Lessen restrictions on VIR_DOMAIN_START_AUTODESTROY
Apart from migrating the VM to a remote host where we can't honour the
VIR_DOMAIN_START_AUTODESTROY flag properly, restricting APIs which just
modify the state of the VM does not make much sense.
Change the wording of the documentation for VIR_DOMAIN_START_AUTODESTROY
so that snapshots and saving to a file may be permitted as they
semantically don't clash with the flag itself. Otherwise we'd have to
forbid other APIs, such as virDomainDestroy as well.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
For each vhost-user GPUs,
- build a socket chardev, and pass the vhost-user socket to it
- build a vhost-user video device and associate it with the chardev
Similar to the qemu_tpm.c, add a unit with a few functions to
start/stop and setup the cgroup of the external vhost-user-gpu
process. See function documentation.
The vhost-user connection fd is set on qemuDomainVideoPrivate struct.
Python3 versions less than 3.7 have very unhelpful handling
of the C locale where they assume data is 7-bit only. This
violates POSIX which requires the C locale to be 8-bit clean.
Python3 >= 3.7 now assumes that the C locale is always UTF-8.
Set env variables to force LC_CTYPE to en_US.UTF-8 so that
we get UTF-8 handling on all python versions. Note we do
not use C.UTF-8 since not all C libraries support that.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Mon, 23 Sep 2019 13:48:06 +0000 (15:48 +0200)]
qemu: snapshot: Do ACL check prior to checkpoint interlocking
Commit 7efe930ec3c introduced interlock of snapshots and checkpoints,
but the check is executed prior to the snapshot API ACL check. This
means that an unauthorized user can see whether a VM exists if it has a
checkpoint.
Move the checks to proper places.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
qemu_domain_address: use virPCIDeviceAddressEqual() in conditionals
A common operation in qemu_domain_address is comparing a
virPCIDeviceAddress and assigning domain, bus, slot and function
to a specific value. The former can be done with the existing
virPCIDeviceAddressEqual() helper, as long as we provide
a virPCIDeviceAddress to compare it to.
The later can be done by direct assignment of the now existing
virPCIDeviceAddress struct. The defined values of domain, bus,
slot and function will be assigned to info->addr.pci, the other
values are zeroed (which happens to be their default values too).
It's also worth noticing that all these assignments are being
conditioned by virDeviceInfoPCIAddressIsPresent() calls, thus it's
sensible to discard any non-zero values that might happen to exist
in @cont->info.addr, if we settled beforehand that @cont->info.addr
is not present or bogus.
Suggested-by: Erik Skultety <eskultet@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Erik Skultety <eskultet@redhat.com>
Laine Stump [Tue, 17 Sep 2019 00:08:00 +0000 (20:08 -0400)]
conf: reattach interface taps to correct bridge on restart
When the bridge re-attach handling was moved out of the network driver
and into the hypervisor driver (commit b806a60e) as a part of the
refactor to split the network driver into a separate daemon, the check
was accidentally changed to only check for type='bridge'. The check for
type in this case needs to check for type='network' as well.
(at the time we thought that the two types could be conflated for
interface actual type, but this turned out to be too problematic to
do).
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
The gnulib 'func' modules provides portability to compilers which lack
the '__func__' symbol. We only care about GCC and CLang compilers so do
not need this compatibility code.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Krempa [Thu, 19 Sep 2019 15:13:31 +0000 (17:13 +0200)]
qemu: monitor: Remove support for HMP commands with fds
The remaining HMP commands don't require fd passing so we can purge
filedescriptor passing support from qemuMonitorJSONHumanCommandWitFd and
rename it.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
qemuSharedDeviceEntryRemove: Free domain name before VIR_DELETE_ELEMENT
The macro VIR_DELETE_ELEMENT assume that the items being deleted
have already been cleared, so we must explicitly free domain name
from the list of domains using the shared device to prevent a
memory leak.
Signed-off-by: Xu Yandong <xuyandong2@huawei.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
object_event: reference state only if virEventAddTimeout succeeded
When registering new callback for an event, the event loop timer
must be created and registered. The timer has domain event state
object as an opaque argument which must be ref()-ed but only if
the timer was being created and registered successfully. We must
not ref it every time the virObjectEventStateRegisterID() runs.
Signed-off-by: Xu Yandong <xuyandong2@huawei.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Peter Krempa [Wed, 18 Sep 2019 06:27:41 +0000 (08:27 +0200)]
Revert "configure: Colorize output"
The colors are not based on the semantics of the message but rather
on the message itself. This means that the default human-perceived
semantics (red = bad, green = good) don't really apply and spotting a
color does not mean anythting.
This is amplified by the sheer amount of output which configure produces
and the fact that some of the messages have negative semantics or
additional output.
In case of any problem the user will have to go through everything
anyways as spotting a red or yellow line has 0 information value.
Here are a few examples:
1) some 'no' messages are not a problem:
checking minix/config.h presence... no
2) some 'no' messages are actually positive:
checking for special C compiler options needed for large files... no
3) in some cases a 'yes' would mean that something is broken or needs
workaround
checking whether stat file-mode macros are broken... no
checking whether wint_t is too small... no
checking whether stdint.h predates C++11... no
checking whether the inttypes.h PRIxNN macros are broken... no
checking whether clang gives bogus warnings for -Wdouble-promotion... no
checking whether gettimeofday clobbers localtime buffer... no
4) due to string match based colors extra text makes messages yellow
checking for a traditional french locale... none
checking for working nanosleep... no (mishandles large arguments)
checking for library containing gethostbyname... none required
checking whether mbrtowc handles incomplete characters... (cached) guessing yes
5) in some cases the yes/no is very context dependant
checking whether pthread_rwlock_rdlock prefers a writer to a reader... no
checking whether this build is done by a static analysis tool... no
6) detected paths to binaries and libs are yellow despite being present
checking for objdump... objdump
checking for atomic ops implementation... gcc
As of the reasons above I don't think the colorization of the configure
output helps users or developers to debug the build process and
thus is not worth the extra code or output clutter.
The colorization based on the string itself makes little to no sense as
the semantic meaning of the color (red = bad, green = good) is not
extracted from the semantics of the message:
1) If there is some additional string a 'yes' is marked yellow:
Peter Krempa [Mon, 9 Sep 2019 08:55:20 +0000 (10:55 +0200)]
virsh: Don't open-code virJSONStringReformat in cmdQemuMonitorCommand
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 9 Sep 2019 08:51:25 +0000 (10:51 +0200)]
virsh: Use VIR_AUTO machinery in cmdQemuMonitorCommand
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 9 Sep 2019 08:41:15 +0000 (10:41 +0200)]
virsh: Use virshDomain type in 'inject-nmi'
With a nice side-effect of fixing alignment.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / libvirt.git / log